chore(ci): Ability to skip scan-images job during grype cdn failures

Add grype GH cache to reuse across jobs

Add GH timeout for scan-images job

.github/workflows/release.yml

@@ -436,8 +436,12 @@ jobs:
     name: Scan Images - ${{ matrix.label }}
     needs: [metadata, build-images]
     runs-on: ubuntu-22.04
+    timeout-minutes: ${{ fromJSON(vars.GHA_DEFAULT_TIMEOUT) }}
+    # Use DISABLE_SCA_SCAN to completely disable the scan in case of emergency purposes and revert it back when notified.
+     vars.DISABLE_SCA_SCAN == 'false'
     if: |-
       always()
+      && vars.DISABLE_SCA_SCAN == 'false'
       && fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] != ''
       && needs.build-images.result == 'success'
       && (github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]'))
@@ -488,6 +492,16 @@ jobs:
         asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-amd64
         image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}
 
+    - name: Cache Grype DB
+      id: cache-grype
+      uses: actions/cache@v3
+      env:
+        cache-name: cache-grype-db
+      with:
+        # Grype cache files are stored in `~/.cache/grype/db` on Linux/macOS
+        path: ~/.cache/grype/db
+        key: ${{ env.cache-name }}
+
     - name: Scan ARM64 Image digest
       if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != ''
       id: sbom_action_arm64